Key-Logger Simulation Test - Pass (*Note: Detected and gave me the option to terminate this test on the spot via the pop-up notification.)
Screen-Logger Simulation Test - Pass (*Note: Blocked silently.)
WebCam-Logger Simulation Test - Tentative Pass (*Note: Although I do not have a webcam, I ran this test anyway and observed in DW's log that all attempts to make changes to the registry were blocked silently.)
Clipboard-Logger Simulation Test - ? (*Note: Does not appear to work when run as "untrusted". I will have to get Ilya to look at this particular test.)

WebCam-Logger Simulation Test - Tentative Pass (*Note: Although I do not have a webcam, I ran this test anyway and observed in DW's log that all attempts to make changes to the registry were blocked silently.)

It will be best to have this test done with a web cam I think. The only way to know.

Solcroft! I know what you will say and I understand and agree with you to some extent, though not fully.

Actually, no I won't. You know the facts, and I'm beginning to sound like a broken record anyway.

I test with real malware. POCs are to behavior blockers what the EICAR test file is to antivirus software: just a weak replacement used by sissies who feel the need to trick themselves into thinking they're doing any meaningful tests. But I'm sure you already know that.

As for the webcam: I still haven't made up my mind whether I need to implement it. The reason is the following: there is too much software nowadays (ICQ and other popular IM software, Skype and other VoIP clients) that uses a webcam. Not sure if I need to alert on each of them, as it is impossible to automatically block it out. Also, in the future, more and more software will be using webcams in order to improve its functionality. So I'm in doubt about this point. Is it really about security?

Solcroft, should I ditch Sandboxie because of this, or should I trust Tsuk, who is actually saying that no data can escape if configured right?

All I'm saying is that your claim was inaccurate. And now that you know that, what you choose to do with that knowledge is your own business.

But right now, I'm trying very hard not to laugh. Oh wow, something's not absolutely flawlessly perfect, it needs to be ditched. You believed it was impenetrable just because some stranger over the Internet said so, and now you're asking another stranger if you need to ditch it. Seriously: grow up.

Huupi said:

Can you explain a bit how this can happen?

Like I said, run the leaktests and see for yourself. I did it some while ago, but WB3 was one of those that broke past Sandboxie IIRC. So all a keylogger would need to do is to use the same connection techniques as the leaktests do, and there you go.

How are keyloggers typically 'installed' on one's system? Is there one specific method or do they come in all sizes and manners?
How can one protect his system (apart from the usual AV/AS software)? Browser plugins perhaps?

A while back I did some tests with commercial key loggers. Some of you may remember.
Back then you could download all new versions for free trial use. Now the makers got smart and some of them do not give a free trial. This way at least if the AVs are going to catch them, someone will have to pay for it.
My test simply comprised of downloading the newest version and running them through Virus Total. The interesting part is only a handful of AVs were adding them. The reasons may have been legal issues, I don't know.
I am sure most still added for ITW key loggers, I never tested that.
But of course the most common way for these to get installed is if someone has access to your computer such as an IT person, spouse, yo mama or dad etc.

Can you people tell me if HIPS have become easy to use for the home user?